Tag: devise_google_authenticator

A couple of weeks back, whilst working on building some internal management apps, I finally got around to implementing the Devise Google Authenticator gem into a Rails app outside of its own testing app. During this process I realised that I hadn’t correctly updated some of the extension’s code to properly work with the Devise 2.0 release, in particular the changes to the migration schema. A few amendments, a push or two and version 0.3.3 was now available.

Looking back over the process I’ve certainly learned a lot about Ruby, Rails and Devise, plus the whole Ruby Gems eco-system. What’s surprising though, is the number of people out there who appear to be using the gem. At a high level the breakdown is as follows:

GitHub forks: 6 (1 of which appears to be very proactive and hopefully we’ll get some pulls)

So far though, we’ve only had a few queries come in. But, to try and capture them in a more appropriate place, I’ve started a Google Group which, if you wish, you can sign up to and post queries. Or, if it’s easier, just hit us up on Twitter: @xntrik or @asteriskinfosec.

Asterisk is happy to announce the release of their first (beta) Ruby Gem. The “devise_google_authenticator” gem is a Devise Extension that integrates Google’s 2nd Factor Authenticator into Devise’s authentication scheme. It’s not designed to replace the existing password scheme (database_authenticatable), but it’s ideal to provide a second factor authentication mechanism from your smart phone (Android, Blackberry, iOS).

If you are doing any Rails development and have a need for user authentication/authorisation then you should certainly be checking out Devise. From their site:

Devise is a flexible authentication solution for Rails based on Warden. It:

Is Rack based;

Is a complete MVC solution based on Rails engines;

Allows you to have multiple roles (or models/scopes) signed in at the same time;

Is based on a modularity concept: use just what you really need.

Let’s put together a really simple application. (I’m assuming you have Ruby 1.9.2, but no other gems available. Also, most of this follows the Rails Guide and the Devise installation process.)

Edit your main application controller to require user authentication for all pages (edit app/controllers/application_controller.rb and add the following just after protect_from_forgery):
before_filter :authenticate_user!

Now start up your app and visit localhost:3000:
$ rails server

After you register your user (after clicking Sign Up), you should be shown a QR code. Simply add this to the Google Authenticator app on your phone, enable the authenticator, close down your browser (to clear your session), revisit the website and, after you sign in, you’ll be prompted for your one-time password.
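
What the QR code carries and how the one-time password prompt can be checked, as an added example (not code from the original post or from the gem): an RFC 6238 TOTP calculation with a clock-skew window, using only Ruby's standard library. The secret is the RFC 6238 test key, and the account name, issuer and helper names are constructed for illustration.

```ruby
require 'openssl'
require 'uri'

B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze

# Decode RFC 4648 base32 (the encoding used for the secret in the QR code).
def base32_decode(str)
  bits = str.upcase.delete('= ').each_char.map do |c|
    idx = B32.index(c) || raise(ArgumentError, "invalid base32 character #{c.inspect}")
    idx.to_s(2).rjust(5, '0')
  end.join
  [bits[0, bits.length / 8 * 8]].pack('B*')
end

# RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, truncated to 6 digits.
def totp(secret_b32, time = Time.now, step: 30, digits: 6)
  counter = [time.to_i / step].pack('Q>')
  mac = OpenSSL::HMAC.digest('SHA1', base32_decode(secret_b32), counter).bytes
  offset = mac[-1] & 0x0f
  code = ((mac[offset] & 0x7f) << 24) | (mac[offset + 1] << 16) |
         (mac[offset + 2] << 8) | mac[offset + 3]
  (code % 10**digits).to_s.rjust(digits, '0')
end

# Compare without returning early on the first differing byte.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Accept the current code plus `drift` steps either side for clock skew.
def totp_valid?(secret_b32, submitted, time = Time.now, drift: 1, step: 30)
  return false unless submitted.is_a?(String) && submitted.match?(/\A\d{6}\z/)
  (-drift..drift).map { |i| secure_eq?(totp(secret_b32, time + i * step, step: step), submitted) }.any?
end

# The otpauth:// key URI that an enrolment QR code encodes.
def provisioning_uri(secret_b32, account, issuer)
  enc = ->(s) { URI.encode_www_form_component(s) }
  "otpauth://totp/#{enc.(issuer)}:#{enc.(account)}?secret=#{secret_b32}&issuer=#{enc.(issuer)}"
end

# Constructed sample values: the RFC 6238 test key and a made-up account.
SAMPLE_SECRET = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'.freeze
puts provisioning_uri(SAMPLE_SECRET, 'alice@example.com', 'ExampleApp')
puts totp(SAMPLE_SECRET, Time.at(59)) # code for the RFC test time T = 59 s
```

A wider drift tolerates more clock skew on the phone but lengthens the period during which an observed code remains usable, so keep the window as small as your users' devices allow.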